Configuring a captive portal

Configuring a captive portal

Captive portals are configured on network interfaces. On a physical (wired) network interface, you edit the interface configuration in System > Network > Interfaces and set Security Mode to Captive Portal. A WiFi interface does not exist until the WiFi SSID is created. You can configure a WiFi captive portal at the time that you create the SSID. Afterwards, the captive portal settings will also be available by editing the WiFi network interface in System > Network > Interfaces.

 

To configure a wired Captive Portal – web-based manager:

1. Go to System > Network > Interfaces and edit the interface to which the users connect.

2. In Security Mode select Captive Portal.

3. Enter

 

Authentication Portal                Local – portal hosted on the FortiGate unit.

Remote – enter FQDN or IP address of external portal.

User Groups                               Select permitted user groups or select Use Groups from Policies, which permits the groups specified in the security policy.

Use Groups from Policies is not available in WiFi captive portals.

Exempt List                                Select exempt lists whose members will not be subject to captive portal authentication.

Customize Portal

Messages

Enable, then select Edit. See Customizing captive portal pages on page 516.

4. Select OK.

 

To configure a WiFi Captive Portal – web-based manager:

1. Go to WiFi Controller > WiFi Network > SSID and create your SSID.

If the SSID already exists, you can edit the SSID or you can edit the WiFi interface in System > Network > Interfaces.

2. In Security Mode, select Captive Portal.

3. Enter

 

Portal Type                                 The portal can provide authentication and/or disclaimer, or perform user email address collection. See Introduction to Captive Portals on page 514.

Authentication Portal                Local – portal hosted on the FortiGate unit.

Remote – enter FQDN or IP address of external portal.

User Groups                               Select permitted user groups.

Exempt List                                Select exempt lists whose members will not be subject to captive portal authentication.

Customize Portal Messages     Click the link of the portal page that you want to modify. See “Captive portals” on page 516.

4. Select OK.

 

Exemption from the captive portal

A captive portal requires all users on the interface to authenticate. But some devices are not able to authenticate. You can create an exemption list of these devices. For example, a printer might need to access the Internet for firmware upgrades. Using the CLI, you can create an exemption list to exempt all printers from authentication.

config user security-exempt-list edit r_exempt

config rule edit 1

set devices printer end

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

2 thoughts on “Configuring a captive portal

  1. Hi
    How do you set the certificate for the captive portal page? I have imported a SSL cert provide by a cert provider (QuoVadis) and set the global value :
    config system global
    set user-server-cert
    end
    But I still get a cert error message when accessing the authentication page saying that the common name on the cert does not match the URL which is the IP address. As I cant put an IP address on a cert any ideas how I can resolve this.
    Thanks
    Ian

Leave a Reply

Name *
Email *
Website